Building an Address Book with OpenLDAP
Defining the Contact Attributes
One of the first goals in creating contacts is to decide what information to store for each entry. Once we know that, we can map our needs to the right LDAP attributes.
Let's consider a typical contact entry. Obviously, we will want to know the contact's name and address, her phone number, and her email address. Read Table 1 to review these real-world attributes and the LDAP attributes to which they map. From now on, we will use a combination of real-world attribute names and LDAP attribute names, so refer to this table as needed.
Table 1. Common LDAP Attributes used for Contact Entries
| Attribute | ObjectClass | Meaning |
|---|---|---|
| commonName, cn | person | Individual's full name |
| givenName, gn | inetOrgPerson | Individual's first name |
| surname, sn | person | Individual's last name |
| physicalDeliveryOfficeName | organizationalPerson | Department or delivery office name |
| mail | inetOrgPerson | Email address |
| postalAddress | organizationalPerson | Street mailing address |
| l | organizationalPerson | City |
| st | organizationalPerson | State |
| postalCode | organizationalPerson | Postal (ZIP) code |
| telephoneNumber | organizationalPerson | Work number |
| facsimileTelephoneNumber | organizationalPerson | Fax number |
| pager | inetOrgPerson | Pager number |
| mobile | inetOrgPerson | Mobile phone number |
| homePhone | inetOrgPerson | Home phone number |
Any entry in our directory requires a DN. For this article, we will use a
contact's full name to establish the uniqueness of each DN. The full name is
specified using the commonName (cn) attribute. Let's
create an example entry with a fictitious employee of Conglomo, Inc. named Jane
Doe in a file named contact.ldif:
dn: cn=Jane Doe, ou=addressbook, dc=example, dc=com
Now that the DN is defined, we can go ahead and start defining the LDAP
attributes that we want. Begin by defining the commonName
(cn), givenName (gn), and
surname (sn) attributes:
cn: Jane Doe
gn: Jane
sn: Doe
All of these attributes require objectClass person, so we need
to define that, as well:
objectClass: person
Next, let's define the email address for our contact using the
mail attribute:
mail: jane.doe@example.com
The mail attribute requires objectClass
inetOrgPerson, which is a subclass of organizationalPerson, so
let's use both of those object classes:
objectClass: organizationalPerson
objectClass: inetOrgPerson
The next attribute we will define is
physicalDeliveryOfficeName. We need it for two reasons. First,
the attribute lets you specify the name of the office to which mail should be
sent. Second, since we are using the organizationalUnit (ou) attribute to
define our addressbook container, we can't really define a department name:
the department name would normally be held by that same organizationalUnit
attribute. This is a bit contorted, but that's how LDAP-aware email clients
use it. Let's go ahead and define this attribute:
physicalDeliveryOfficeName: Conglomo, Inc., Financial Services
Most LDAP-aware email clients recognize an additional company
attribute. It defines the company name; in this case, Conglomo, Inc.
Unfortunately, this attribute is not standard, and requires that you use a
custom schema. (Search for more information by looking for
microsoft.schema.)
Now we are free to define Jane's mailing address:
postalAddress: PO BOX 55555
l: Baton Rouge
st: LA
postalCode: 70555
With this information and the physicalDeliveryOfficeName, LDAP
clients will see the following when requesting Jane's physical address:
Jane Doe
Conglomo, Inc., Financial Services
PO BOX 77831
Baton Rouge, LA 70879
Next, specify Jane's phone information for her work phone, fax, pager, mobile phone, and home phone number:
telephoneNumber: 555-555-5555
facsimileTelephoneNumber: 555-555-5556
pager: 555-555-5557
mobile: 555-555-5558
homePhone: 555-555-5559
Finally, we need to define the organizational unit:
ou: addressbook
At this point we are finished creating Jane's LDIF-formatted entry. You
should now have a file named contact.ldif with the following
information:
dn: cn=Jane Doe, ou=addressbook, dc=example, dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jane Doe
gn: Jane
sn: Doe
mail: jane.doe@example.com
physicalDeliveryOfficeName: Conglomo, Inc., Financial Services
postalAddress: PO BOX 55555
l: Baton Rouge
ou: addressbook
st: LA
postalCode: 70555
telephoneNumber: 555-555-5555
facsimileTelephoneNumber: 555-555-5556
pager: 555-555-5557
mobile: 555-555-5558
homePhone: 555-555-5559
You should notice that I moved the objectClass attributes to
the top of the entry and added an objectClass:
objectClass: top
This isn't actually necessary, but I'm a sucker for completeness, and I typically fully define all object classes used when creating an entry.
Import our example entry into the directory with ldapadd:
$ ldapadd -D 'dc=example, dc=com' -f contact.ldif -W
Enter LDAP Password: secret
After ldapadd is done, you will have your first contact entry in
your directory. Again, you can use ldapsearch to dump the entire
directory, or, as shown below, to perform a more specific lookup:
$ ldapsearch -b 'ou=addressbook, dc=example, dc=com' '(objectclass=*)'
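The article's lookup uses a fixed filter, but an address-book front end usually builds the filter from a name a user typed. The special characters of the filter syntax must be escaped (RFC 4515) or a name such as `*)(mail=*` widens a one-contact lookup into a query for every entry. The following is an added example, not code from the article, that escapes the value, builds a filter narrowed to a single cn, and returns the ldapsearch invocation as an argv list so no shell ever parses the filter. The `-x` (simple bind) flag is a standard OpenLDAP ldapsearch option assumed here; the article's own command omits it.

```python
import shlex


def escape_filter_value(value):
    """Escape an assertion value for an LDAP search filter (RFC 4515):
    backslash, '*', '(', ')' and NUL become \\XX hex escapes."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def contact_filter(full_name):
    """Filter matching one contact by cn, restricted to inetOrgPerson entries."""
    return f"(&(objectClass=inetOrgPerson)(cn={escape_filter_value(full_name)}))"


def ldapsearch_argv(base_dn, full_name, attrs=("mail", "telephoneNumber")):
    """argv for subprocess.run(argv) with shell=False: the filter travels as a
    single argument regardless of the characters in the name."""
    return ["ldapsearch", "-x", "-b", base_dn, contact_filter(full_name), *attrs]


def shell_command(base_dn, full_name):
    """The same lookup as a line a person could type; shlex.join quotes it."""
    return shlex.join(ldapsearch_argv(base_dn, full_name))


if __name__ == "__main__":
    base = "ou=addressbook,dc=example,dc=com"
    # Constructed inputs: a normal name and one carrying filter metacharacters.
    for name in ("Jane Doe", "*)(mail=*"):
        print("unescaped:", f"(cn={name})")
        print("escaped:  ", contact_filter(name))
        print(shell_command(base, name))
```

With the escaped filter the second name simply matches no entry; a filter built by string concatenation alone would have matched every inetOrgPerson under the base.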